I had a crazy idea the other day. I started manually putting random DNS ( a couple from my list of about 2.4 million lol) into virus totals website to check to see known threats and often times what threat they contain. I noticed that if you find a dns that has multiple hits, it will also tell you domains that relate to the one you entered.

Now I am not very good at Python but I am kind of hobbling along to get python working with virus totals api to do a couple things:

if theres no threats found delete the entry (maybe)

if there are threats, download and get all the domains related to the one searched.

Would anybody be interested in this? Its ugly right now and only half working so I will clean it up before I release it to the public.

It’s unclear to me what you want to do. Do you want to release some addon software that generates additional blocking lists e.g. due to domains user’s have blacklisted or do you want to run your script on the entire blocking lists? In the latter case, it might be a better idea to generate and host the results separately than having everyone hammering this API all of the time with hundreds of thousands of requests. They might get traffic issues as soon as dozens of users do something like this.

I was going to release a script that checks what their (the users) current blacklist is and then checks it against virus total. If theres hits pull down the domains that are associated with the original domain and add it to the list, if not move on.

But yes I see what you are saying. Hammering virus total with a couple million domains may cause issues on their end.

I may want to hold onto this for a bit and see if I get blacklisted after a couple of days.